Sid iddh dharth Kr h Kris ishn hna procedure insert(lst: Node , - - PowerPoint PPT Presentation

▶

Mar 08, 2024 400 likes •883 views

Sid iddh dharth Kr h Kris ishn hna procedure insert(lst: Node , elt: Node ) returns (res: Node ) requires , ensures (,

SLIDE 1

Sid iddh dharth Kr h Kris ishn hna

SLIDE 2

procedure insert(lst: Node, elt: Node) returns (res: Node) requires 𝑓𝑚𝑢 ↦ 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑓𝑕 𝑚𝑡𝑢, 𝑜𝑣𝑚𝑚 ensures 𝑚𝑡𝑓𝑕(𝑠𝑓𝑡, 𝑜𝑣𝑚𝑚) { if (lst != null) { var curr := lst; while (nondet() && curr.next != null) invariant 𝑑𝑣𝑠𝑠 ≠ 𝑜𝑣𝑚𝑚 ∶ 𝑓𝑚𝑢 ↦ 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑓𝑕 𝑚𝑡𝑢, 𝑑𝑣𝑠𝑠 ∗ 𝑚𝑡𝑓𝑕 𝑑𝑣𝑠𝑠, 𝑜𝑣𝑚𝑚 { curr := curr.next; } elt.next := curr.next; curr.next := elt; return lst; } else return elt; }

SLIDE 3

procedure insertion_sort(lst: Node) requires 𝑚𝑡𝑓𝑕 𝑚𝑡𝑢, 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑢 ≠ 𝑜𝑣𝑚𝑚 ensures 𝑡𝑚𝑡𝑓𝑕(𝑚𝑡𝑢, 𝑜𝑣𝑚𝑚) { var prv := null, srt := lst; while (srt != null) invariant (𝑞𝑠𝑤 = 𝑜𝑣𝑚𝑚 ∗ 𝑡𝑠𝑢 = 𝑚𝑡𝑢 ∗ 𝑚𝑡𝑓𝑕(𝑚𝑡𝑢, 𝑜𝑣𝑚𝑚)) || (𝑚𝑡𝑓𝑕 (𝑚𝑡𝑢, 𝑞𝑠𝑤) ∗ 𝑞𝑠 ↦ 𝑡𝑠𝑢 ∗ 𝑚𝑡𝑓𝑕 (𝑡𝑠𝑢, 𝑜𝑣𝑚𝑚)) { var curr := srt.next; var min := srt; while (curr != null) invariant 𝑞𝑠𝑤 = 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑓𝑕 𝑚𝑡𝑢, 𝑡𝑠𝑢 ∗ 𝑚𝑡𝑓𝑕 𝑡𝑠𝑢, 𝑛𝑗𝑜 ∗ 𝑚𝑡𝑓𝑕 𝑛𝑗𝑜, 𝑑𝑣𝑠𝑠 ∗ 𝑚𝑡𝑓𝑕 𝑑𝑣𝑠𝑠, 𝑜𝑣𝑚𝑚 || (𝑚𝑡𝑓𝑕(𝑚𝑡𝑢, 𝑞𝑠𝑤) ∗ 𝑚𝑡𝑓𝑕 (𝑞𝑠𝑤, 𝑡𝑠𝑢) ∗ 𝑚𝑡𝑓𝑕 𝑡𝑠𝑢, 𝑛𝑗𝑜 ∗ 𝑚𝑡𝑓𝑕 𝑛𝑗𝑜, 𝑑𝑣𝑠𝑠 ∗ 𝑚𝑡𝑓𝑕(𝑑𝑣𝑠𝑠, 𝑜𝑣𝑚𝑚)) invariant 𝑛𝑗𝑜 ≠ 𝑜𝑣𝑚𝑚 { if (curr.data < min.data) { min := curr; } curr := curr.next; } var tmp := min.data; min.data := srt.data; srt.data := tmp; prv := srt; srt := srt.next; } }

SLIDE 4

procedure insert(lst: Node, elt: Node) returns (res: Node) requires 𝑓𝑚𝑢 ↦ 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑓𝑕 𝑚𝑡𝑢, 𝑜𝑣𝑚𝑚 ensures 𝑚𝑡𝑓𝑕(𝑠𝑓𝑡, 𝑜𝑣𝑚𝑚) { if (lst != null) { var curr := lst; while (nondet() && curr.next != null) { invariant 𝑑𝑣𝑠𝑠 ≠ 𝑜𝑣𝑚𝑚 ∶ 𝑓𝑚𝑢 ↦ 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑓𝑕(𝑚𝑡𝑢, 𝑑𝑣𝑠𝑠) ∗ 𝑚𝑡𝑓𝑕 𝑑𝑣𝑠𝑠, 𝑜𝑣𝑚𝑚 curr := curr.next; } elt.next := curr.next; curr.next := elt; return lst; } else return elt; } ... ... ...

SLIDE 5

𝑑𝑣𝑠𝑠 ≠ 𝑜𝑣𝑚𝑚 ∶ 𝑓𝑚𝑢 ↦ 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑓𝑕(𝑚𝑡𝑢, 𝑑𝑣𝑠𝑠) ∗ 𝑚𝑡𝑓𝑕 𝑑𝑣𝑠𝑠, 𝑜𝑣𝑚𝑚

SLIDE 6

SLIDE 7

SLIDE 8

x 1

𝑓𝑛𝑞

SLIDE 9

x 1

𝑧 ↦ 𝑨

SLIDE 10

x 1

𝑧 ↦ 𝑨 ∗ 𝑨 ↦ 𝑧

SLIDE 11

x 1

𝑧 ↦ 𝑨 ∧ 𝑨 ↦ 𝑧

SLIDE 12

x 1

𝑦 = 1 ∶ 𝑧 ↦ 𝑨 ∗ 𝑨 ↦ 𝑧

SLIDE 13

𝑚𝑡𝑓𝑕 𝑦, 𝑧 ≔ ∃ 𝑨. 𝑦 = 𝑧 ∶ 𝑓𝑛𝑞 ∨ (𝑦 ≠ 𝑧 ∶ 𝑦 ↦ 𝑨 ∗ 𝑚𝑡𝑓𝑕 𝑨, 𝑧 )

k 1

𝑚𝑡𝑓𝑕 𝑦, 𝑜𝑣𝑚𝑚 ≡ ∃𝑨 . 𝑦 ≠ 𝑜𝑣𝑚𝑚 ∶ 𝑦 ↦ 𝑨 ∗ 𝑚𝑡𝑓𝑕 𝑨, 𝑜𝑣𝑚𝑚 ≡ … ≡ 𝑦 ↦ 𝑨 ∗ 𝑨 ↦ 𝑜𝑣𝑚𝑚 ∗ 𝑓𝑛𝑞

SLIDE 14

SLIDE 15

(𝑧 ≥ 𝑦)

SLIDE 16

Formulas

𝑑𝑣𝑠𝑠 ≠ 𝑜𝑣𝑚𝑚 ∶ 𝑓𝑚𝑢 ↦ 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑓𝑕(𝑚𝑡𝑢, 𝑑𝑣𝑠𝑠) ∗ 𝑚𝑡𝑓𝑕 𝑑𝑣𝑠𝑠, 𝑜𝑣𝑚𝑚

Graphs

SLIDE 17

𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝑊𝑏𝑠 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 | 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 𝐼𝑓𝑏𝑞𝑚𝑓𝑢 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 | 𝑓𝑛𝑞 𝐼𝑓𝑏𝑞𝑚𝑓𝑢 𝐹𝑦𝑞𝑠 𝐹𝑦𝑞𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝐹𝑦𝑞𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝐹𝑦𝑞𝑠 𝑊𝑏𝑠

SLIDE 18

𝐺𝑝𝑠𝑛𝑣𝑚𝑏 → ∃ 𝑊𝑏𝑠 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 | 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 𝐼𝑓𝑏𝑞𝑚𝑓𝑢 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 | 𝑓𝑛𝑞 𝐼𝑓𝑏𝑞𝑚𝑓𝑢 𝐹𝑦𝑞𝑠 𝐹𝑦𝑞𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝐹𝑦𝑞𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝐹𝑦𝑞 𝑊𝑏𝑠

𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝑢 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝐼𝑓𝑏𝑞𝑚𝑓𝑢 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 𝐹𝑦𝑞𝑠 𝐹𝑦𝑞𝑠 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡

SLIDE 19

𝐼𝑓𝑏𝑞𝑚𝑓𝑢 𝐹𝑦𝑞𝑠 𝐹𝑦𝑞𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝐹𝑦𝑞𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝑊𝑏𝑠 𝐺𝑝𝑠𝑛𝑣𝑚𝑏

SLIDE 20

𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝑢 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝐼𝑓𝑏𝑞𝑚𝑓𝑢 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 𝐹𝑦𝑞𝑠 𝐹𝑦𝑞𝑠

2 𝑦 𝑢

3 4 5 6

𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡

𝐺𝑝𝑠𝑛𝑣𝑚𝑏 → ∃ 𝑊𝑏𝑠 . 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 | 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 → 𝐼𝑓𝑏𝑞𝑚𝑓𝑢 ∗ 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 | 𝑓𝑛𝑞 𝐼𝑓𝑏𝑞𝑚𝑓𝑢 → ls 𝐹𝑦𝑞𝑠, 𝐹𝑦𝑞𝑠, … | tree 𝐹𝑦𝑞𝑠, … 𝐹𝑦𝑞 → 0 ∣ 𝑊𝑏𝑠

SLIDE 21

𝑚𝑡𝑓𝑕 𝑚𝑡𝑢, 𝑑𝑣𝑠𝑠 𝑚𝑡𝑓𝑕 𝑑𝑣𝑠𝑠, 𝑚𝑡𝑢 𝑚𝑡𝑓𝑕 𝑚𝑡𝑢, 𝑑𝑣𝑠𝑠 ∗ 𝑚𝑡𝑓𝑕 𝑑𝑣𝑠𝑠, 𝑜𝑣𝑚𝑚 ... 𝑑𝑣𝑠𝑠 ≠ 𝑜𝑣𝑚𝑚 ∶ 𝑓𝑚𝑢 ↦ 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑓𝑕 𝑚𝑡𝑢, 𝑑𝑣𝑠𝑠 ∗ 𝑚𝑡𝑓𝑕 𝑑𝑣𝑠𝑠, 𝑜𝑣𝑚𝑚 ...

SLIDE 22

𝐼𝑓𝑏𝑞𝑚𝑓𝑢 → ls 𝐹𝑦𝑞𝑠, 𝐹𝑦𝑞𝑠, _ | tree 𝐹𝑦𝑞𝑠, _

𝑑𝑣𝑠𝑠 ≠ 𝑜𝑣𝑚𝑚 ∶ 𝑓𝑚𝑢 ↦ 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑓𝑕 𝑚𝑡𝑢, 𝑑𝑣𝑠𝑠 ∗ 𝑚𝑡𝑓𝑕 𝑑𝑣𝑠𝑠, 𝑜𝑣𝑚𝑚

SLIDE 23

𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝑊𝑏𝑠 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 | 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡

𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝑢 𝐺𝑝𝑠𝑛𝑣𝑚𝑏

2 𝑦 𝑢

3 4 5 6

SLIDE 24

𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 𝐼𝑓𝑏𝑞𝑚𝑓𝑢 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 | 𝑓𝑛𝑞

𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝑢 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝐼𝑓𝑏𝑞𝑚𝑓𝑢 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡

2 𝑦 𝑢

3 4 5 6

𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡

SLIDE 25

𝐼𝑓𝑏𝑞𝑚𝑓𝑢 𝐹𝑦𝑞𝑠 𝐹𝑦𝑞𝑠 𝐹𝑦𝑞𝑠

𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝑢 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝐼𝑓𝑏𝑞𝑚𝑓𝑢 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 𝐹𝑦𝑞𝑠 𝐹𝑦𝑞𝑠

2 𝑦 𝑢

3 4 5 6

𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡

SLIDE 26

𝐹𝑦𝑞𝑠 𝑊𝑏𝑠

2 𝑦 𝑢

3 4 5 6

𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝑢 𝐺𝑝𝑠𝑛𝑣𝑚𝑏 𝐼𝑓𝑏𝑞𝑚𝑓𝑢 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡 𝐹𝑦𝑞𝑠 𝐹𝑦𝑞𝑠 𝐼𝑓𝑏𝑞𝑚𝑓𝑢𝑡

SLIDE 27

Numeric Invariants:

Training at verification time
Training data: Observations
Desired Invariant

~ Model Our Heap Invariants:

Training beforehand
Training data: Independent
Desired Invariant

~ Predicted Label

SLIDE 28

SLIDE 29

SLIDE 30

SLIDE 31

SLIDE 32

SLIDE 33

...

SLIDE 34

These slides from David Sontag, adapted from Luke Zettlemoyer, Vibhav Gogate, Carlos Guestrin, Andrew Moore, Dan Klein

SLIDE 35

SLIDE 36

SLIDE 37

SLIDE 38

SLIDE 39

procedure insert(lst: Node, elt: Node) returns (res: Node) requires 𝑓𝑚𝑢 ↦ 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑓𝑕 𝑚𝑡𝑢, 𝑜𝑣𝑚𝑚 ensures 𝑚𝑡𝑓𝑕(𝑠𝑓𝑡, 𝑜𝑣𝑚𝑚) { if (lst != null) { var curr := lst; while ( ? && curr.next != null) { curr := curr.next; } elt.next := curr.next; curr.next := elt; return lst; } } 𝑑𝑣𝑠𝑠 ≠ 𝑜𝑣𝑚𝑚 ∶ 𝑓𝑚𝑢 ↦ 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑓𝑕(𝑚𝑡𝑢, 𝑑𝑣𝑠𝑠) ∗ 𝑚𝑡𝑓𝑕 𝑑𝑣𝑠𝑠, 𝑜𝑣𝑚𝑚 procedure insert(lst: Node, elt: Node) returns (res: Node) requires 𝑓𝑚𝑢 ↦ 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑓𝑕 𝑚𝑡𝑢, 𝑜𝑣𝑚𝑚 ensures 𝑚𝑡𝑓𝑕(𝑠𝑓𝑡, 𝑜𝑣𝑚𝑚) { if (lst != null) { var curr := lst; while ( ? && curr.next != null) invariant 𝑑𝑣𝑠𝑠 ≠ 𝑜𝑣𝑚𝑚 ∶ 𝑓𝑚𝑢 ↦ 𝑜𝑣𝑚𝑚 ∗ 𝑚𝑡𝑓𝑕(𝑚𝑡𝑢, 𝑑𝑣𝑠𝑠) ∗ 𝑚𝑡𝑓𝑕 𝑑𝑣𝑠𝑠, 𝑜𝑣𝑚𝑚 { curr := curr.next; } elt.next := curr.next; curr.next := elt; return lst; } } Grasshopper picture from this blog

SLIDE 40

SLIDE 41

lseg(lst, curr) [] [2] [2, 4] lseg(curr, null) [2, 4, 6, 9] [4, 6, 9] [6, 9] lseg(elt, null) [7] [7] [7] lst.data 2 2 2 curr.data 2 4 6 elt.data 7 7 7

... ... ... ∀𝑣. 𝑣 ∈ 𝐺𝑄 𝑚𝑡𝑓𝑕 𝑚𝑡𝑢, 𝑑𝑣𝑠𝑠 ⇒ 𝑣. 𝑒𝑏𝑢𝑏 < 𝑑𝑣𝑠𝑠. 𝑒𝑏𝑢𝑏 ∀𝑣, 𝑤. 𝐺𝑄 𝑚𝑡𝑓𝑕 𝑚𝑡𝑢, 𝑑𝑣𝑠𝑠 : 𝑣 →+ 𝑤 ⇒ 𝑣. 𝑒𝑏𝑢𝑏 ≤ 𝑤. 𝑒𝑏𝑢𝑏 ∀𝑣, 𝑤. 𝐺𝑄 𝑚𝑡𝑓𝑕 𝑑𝑣𝑠𝑠, 𝑜𝑣𝑚𝑚 : 𝑣 →+ 𝑤 ⇒ 𝑣. 𝑒𝑏𝑢𝑏 ≤ 𝑤. 𝑒𝑏𝑢𝑏 𝑑𝑣𝑠𝑠. 𝑒𝑏𝑢𝑏 ≤ 𝑓𝑚𝑢. 𝑒𝑏𝑢𝑏

SLIDE 42

Analog to functional version from:

He Zhu, Gustavo Petri, Suresh Jagannathan, Automatically Learning Shape Specifications, PLDI 2016

SLIDE 43

SLIDE 44

Picture from Aqua Teen Hunger Force Wikia

SLIDE 45

SLIDE 46

SLIDE 47